Vulnerability CVE-2021-21255: Information

Description

GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. In GLPI version 9.5.3, it was possible to switch entities with IDOR from a logged in user. This is fixed in version 9.5.4.

Severity: MEDIUM (5.7) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

URL: https://nvd.nist.gov/vuln/detail/CVE-2021-21255

Published: March 2, 2021

Modified: Oct. 14, 2022

Error type identifier: CWE-639

Fixed packages

Package name	Branch	Fixed in version	Version from repository	Errata ID	Task #	State
glpi	sisyphus	9.5.4-alt1	10.0.15-alt1	ALT-PU-2021-1583-1	268732	Fixed
glpi	p10	9.5.4-alt1	10.0.15-alt1	ALT-PU-2021-1583-1	268732	Fixed
glpi	p9	9.5.4-alt1	9.5.13-alt1	ALT-PU-2021-1660-1	269862	Fixed
glpi	c10f1	9.5.4-alt1	10.0.15-alt1	ALT-PU-2021-1583-1	268732	Fixed
glpi	c9f2	9.5.13-alt1	9.5.13-alt1	ALT-PU-2024-8094-3	348598	Fixed
glpi	p11	9.5.4-alt1	10.0.15-alt1	ALT-PU-2021-1583-1	268732	Fixed

References to Advisories, Solutions, and Tools

Hyperlink	Resource
https://github.com/glpi-project/glpi/security/advisories/GHSA-v3m5-r3mx-ff9j	Third Party Advisory
https://github.com/glpi-project/glpi/commit/aade65b7f67d46f23d276a8acb0df70651c3b1dc	Patch Third Party Advisory

Affected configurations:
1. Configuration 1
  cpe:2.3:a:glpi-project:glpi:9.5.3:*:*:*:*:*:*:*

Version: v24.5.3

Vulnerability CVE-2021-21255: Information

Description

Fixed packages

References to Advisories, Solutions, and Tools

Configuration 1